Dubai, United Arab Emirates, October 16, 2017 View All Press Releases

Analysts Discuss Security Trends at the Gartner Security and Risk Management Summit, October 16 - 17, in Dubai

Middle East and North Africa (MENA) spending on information security technology and services is on pace to reach US$1.8 billion in 2017, an increase of 11 percent over 2016, according to Gartner, Inc.

Sam Olyaei, senior research analyst at Gartner, provided the latest outlook for the information security industry today at the Gartner Security and Risk Management Summit, which is taking place here October 16- 17.

Security services will continue to be the fastest growing segment in line with global trends, especially IT outsourcing, consulting and implementation services.The growth for security services will be driven by ongoing skills shortages in the information security domain as well as increased awareness of threats.

In a region where the oil and gas industry is critical to many local economies converging of operational technology (OT), Internet of Things (IoT), and IT is pushing many organizations to start considering how to handle the potential new security vulnerabilities created. This will result in additional interest to invest in security products and services to mitigate these new risks that traditional information security practices are not accustomed to.

Rising awareness among chief executive officers (CEOs) and boards of directors about the business impact of security incidents, and an evolving regulatory landscape, have led to continued spending on security products and services not to mention increased accountability at the board level when it comes to security implications making metrics and executive communication a hot topic for leaders today.

"However, improving security is not just about spending on new technologies. As seen in the recent spate of global security incidents, doing the basics right has never been more important. Organizations can improve their security posture significantly just by addressing basic security and risk related hygiene processes like patch management, regular and scalable vulnerability scanning, centralized log management, internal network segmentation, backups and system hardening. Do not buy a tool just because a tool exists, invest in people and process to maintain and operate these tools," said Mr. Olyaei.

"The region is also fixated on check box compliance – a hallmark of immaturity when it comes to security. In essence there is a false sense of security in the GCC," Mr. Olyaei said. "Digital business is transforming the region and it is all about managing risk; managing risk is about understanding the major perils a business will face, and prioritizing controls and investments in security to achieve business outcomes."